215 matches found

Patchstack
added 2025/02/03 3:52 p.m. · 1 view

WordPress CM Business Directory plugin <= 1.3.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin CM Business Directory versions <= 1.3.9...

CVSS 7.1 · AI score 8.2 · EPSS 0.00232
Exploits: 0 · Affected Software: 1

Vulnrichment
added 2025/02/03 2:22 p.m. · 8 views

CVE-2025-23920 WordPress ApplicantPro Plugin <= 1.3.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sourcing Team ApplicantPro applicantpro allows Reflected XSS. This issue affects ApplicantPro: from n/a through <= 1.3.9...

CVSS 7.1 · AI score 7.2 · EPSS 0.00041
Exploits: 0 · References: 1

OSV
added 2025/01/16 4:15 p.m. · 0 views

CVE-2024-57611

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId...

CVSS 3.5 · AI score 5.8 · EPSS 0.00067
Exploits: 1 · References: 1

OSV
added 2025/01/16 4:15 p.m. · 1 view

CVE-2024-57159

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html...

CVSS 3.5 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2025/01/16 4:15 p.m. · 0 views

CVE-2024-57161

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2025/01/16 4:15 p.m. · 11 views

CVE-2024-57160

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html...

CVSS 4.3 · EPSS 0.00103
Exploits: 1 · References: 1

CNNVD
added 2025/01/16 12:0 a.m. · 1 view

07FLYCMS security vulnerability

07FLYCMS is a free and open source content management system from China Zero Takeoff 07FLY. A security vulnerability exists in 07FLYCMS version V1.3.9, which stems from vulnerability to cross-site request forgery attacks...

CVSS 4.3 · AI score 6.6 · EPSS 0.00103
Exploits: 1 · References: 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 1 view

PT-2025-3403 · 07Flycms · 07Flycms

Name of the Vulnerable Software and Affected Versions: 07FLYCMS version 1.3.9 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in 07FLYCMS. The issue is related to the "/erp.07fly.net:80/oa/OaWorkReport/add.html" API endpoint. Recommendations: For 07FLYCMS version 1.3.9, as a...

CVSS 3.5 · AI score 6.8 · EPSS 0.0007
Exploits: 1 · References: 4

CNNVD
added 2025/01/16 12:0 a.m. · 1 view

07FLYCMS security vulnerability

07FLYCMS is a free and open source content management system from China Zero Takeoff 07FLY. A security vulnerability exists in 07FLYCMS version V1.3.9, which stems from vulnerability to cross-site request forgery attacks...

CVSS 4.3 · AI score 6.6 · EPSS 0.00103
Exploits: 1 · References: 1

CNNVD
added 2025/01/16 12:0 a.m. · 2 views

07FLYCMS security vulnerability

07FLYCMS is a free and open source content management system from China Zero Takeoff 07FLY. A security vulnerability exists in 07FLYCMS version V1.3.9, which stems from vulnerability to cross-site request forgery attacks...

CVSS 3.5 · AI score 6.7 · EPSS 0.00067
Exploits: 1 · References: 1

CNNVD
added 2025/01/16 12:0 a.m. · 0 views

07FLYCMS security vulnerability

07FLYCMS is a free and open source content management system from China Zero Takeoff 07FLY. A security vulnerability exists in 07FLYCMS version V1.3.9, which stems from vulnerability to cross-site request forgery attacks...

CVSS 3.5 · AI score 6.6 · EPSS 0.0007
Exploits: 1 · References: 1

CVE
added 2025/01/16 12:0 a.m. · 38 views

CVE-2024-57161

CVE-2024-57161 affects 07FLYCMS v1.3.9. Multiple connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability targeting the endpoint "/erp.07fly.net:80/oa/OaWorkReport/edit.html". The root cause is a CSRF flaw allowing unauthorized actions in that API path (no explicit exploit det...

CVSS 4.3 · AI score 7.7 · EPSS 0.00103
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/12/31 12:0 a.m. · 1 view

WordPress plugin MightyForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 6.4 · AI score 8.3 · EPSS 0.00081
Exploits: 0 · References: 1

Patchstack
added 2024/12/14 9:1 p.m. · 1 view

WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Contact Form, Survey & Form Builder – MightyForms versions <= 1.3.9...

CVSS 6.4 · AI score 7 · EPSS 0.00081
Exploits: 0 · Affected Software: 1

OSV
added 2024/12/04 3:15 a.m. · 0 views

CVE-2024-11897

The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVSS 5.4 · AI score 7.4 · EPSS 0.0036
Exploits: 0 · References: 3

CNNVD
added 2024/12/04 12:0 a.m. · 1 view

WordPress plugin MightyForms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 7.6 · EPSS 0.0036
Exploits: 0 · References: 3

CNNVD
added 2024/11/23 12:0 a.m. · 1 view

WordPress plugin Memberlite Shortcodes cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVSS 6.4 · AI score 7.5 · EPSS 0.002
Exploits: 0 · References: 4

Positive Technologies
added 2024/11/23 12:0 a.m. · 1 view

PT-2024-16841 · WordPress · Memberlite Shortcodes

Name of the Vulnerable Software and Affected Versions: Memberlite Shortcodes plugin for WordPress versions up to, and including, 1.3.9 Description: The issue is related to Stored Cross-Site Scripting via the memberlite accordion shortcode due to insufficient input sanitization and output escaping...

CVSS 6.4 · AI score 8 · EPSS 0.002
Exploits: 0 · References: 6

Patchstack
added 2024/11/22 9:54 p.m. · 1 view

WordPress Memberlite Shortcodes plugin <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via memberlite_accordion Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via memberlite_accordion Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Memberlite Shortcodes versions <= 1.3.9...

CVSS 6.4 · AI score 5.8 · EPSS 0.002
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/11/19 12:0 a.m. · 1 view

WordPress plugin Hola Free Video Player cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 · AI score 7.7 · EPSS 0.00295
Exploits: 0 · References: 1